The Latest in IT Security

LulzSec scam discovered on Facebook – but it’s not what you think

22 Jun 2011

Earlier today, a member of the British press contacted me asking if I had any photographs of the arrest of a suspected hacker in Wickford, Essex.

Quite why I, based in Oxford (which is about a 100-mile drive from where the man was arrested), would have photos of late-night goings-on in Essex wasn’t really explained by the journalist. But let’s not worry about that now.

In short, I explained that I didn’t have any photos and they would have to look elsewhere.

“But you do have a photo of the hacker! I’ve seen it on Facebook! But we want an unblurred version!” exclaimed the reporter.

Baffled, I asked her to explain exactly what she had seen. And this is it:

There it is, a picture of a pixellated man being led away from a building by two pixellated people who we assume are policemen. And right next to it is a link to the Naked Security story we published about the arrest of a man who may or may not be connected with the LulzSec hacking gang.

And what’s that you see?

The Creator of LulzSec arrested in London (PHOTO TAKEN BY THE POLICE)
SEE THE PICTURE WITHOUT BLURRING, SHARE THIS PAGE AND LIKE IT !!

Hmm, London? The creator of LulzSec? I don’t think so. That doesn’t seem very accurate.

Let’s click on the tab labelled “The Picture”. I’m now presented with webpage content – including a larger version of the blurred photograph – inside an iFrame.

Alarm bells should be ringing in your head at this point. Why should you have to “Like” and “Share” a page in order to see a photo?

Fortunately I had a test Facebook account which I could safely use on a computer to investigate what would occur if I followed the Facebook page’s creator’s instructions.

Sharing and liking the page, followed by clicking on the link, led me to third-party webpages that urged me to download a program called iLividSetupV1.exe that attempted to install a series of toolbars.

Presumably whoever is behind this Facebook scam (and I doubt it is anyone connected with LulzSec) is earning commission the more people they convince to install the software. So far, this scam is far from widespread – but it’s certainly inventive to exploit the breaking news story of the suspected hacker being arrested in the UK.

Oh, and are you still curious regarding the photograph? Well, I was able to determine who was really in that picture.

It’s actually a Turkish hacker in the photograph. Mert Ortac was arrested in Turkey in late 2008, and you can read the full story of his brush with the law in this Wired article which includes the photograph of him being escorted (unblurred) by a couple of policemen.

So that mystery is solved at least! And the journalist should be happy they didn’t use the picture to illustrate the British arrest.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.

  1. AndyB January 10, 2012

    the iLividSetupV1.exe can be got from all over facebook – there are adverts all over the digital chocolate games that read ‘Click here to download plugin’ and ‘problems have been detected with your version of flash player – update now’

    both adverts are designed to deliberately mislead you into downloading iLividSetupV1.exe when you think you're getting an updated flash player
